<?php

/*
	info: 后台管理帐号管理
	date: 2011-01-30
*/

// This file is an include; it is only meaningful when the admin front
// controller (which defines ADMIN_WEBINROOT) pulled it in. Direct hits get a 404.
if (!defined('ADMIN_WEBINROOT')) {
	header('HTTP/1.0 404 Not Found');
	exit();
}

// Per-module template data; the view reads everything from this sub-array.
$webglobal['file_adminuser'] = array();

// NOTE(review): the module-level super-admin gate is disabled — the only
// statement in the branch is commented out — so every logged-in administrator
// who reaches this file can use the add/edit/delete modes below. Re-enabling
// it is a product decision; the original line is kept as-is.
if ($user['adminusername'] != $webconfig['superadmin']) {
	//admin_ShowMessage('您无权进行该操作！');
}

// Digest of the "upgrade password" that guards the adminupsql mode (compared
// against admin_EncodePassword() of the submitted value further down).
$tempdatactrol = '333093d828273990d3dabb4d652e8c04';

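// Mode dispatch for the admin-account module: add / edit / delete / list,
// plus the admin log and the "upgrade SQL" console. Every mode relies on
// admin_ShowMessage() ending the request on its error path — the statements
// after a failed check (e.g. the INSERT after the duplicate-username message)
// would otherwise still run. That contract lives in the helper, not here;
// confirm it before reshaping the control flow.
//
// NOTE(review): request values are interpolated directly into SQL throughout
// this file. The id fields are intval()'d, 'username' must pass
// global_CheckUsername() and 'truename' is only trim()'d. The stripslashes()
// calls in the adminupsql mode suggest $webrequest arrives pre-escaped by the
// framework, but that cannot be verified from this file — routing these values
// through the db layer's escaping/parameter API is the durable fix.
//添加
if ($webglobal['mode']=='adminuseradd')
{
	if (global_CheckSubmit('ausubmit'))
	{
		// Default the credential fields so a partial submit is rejected by the
		// validators instead of raising undefined-index notices.
		$webrequest['username'] = isset($webrequest['username']) ? $webrequest['username'] : '';
		$webrequest['password'] = isset($webrequest['password']) ? $webrequest['password'] : '';

		if (!global_CheckUsername($webrequest['username'])) {
			admin_ShowMessage('用户名格式错误。', '', 'BACK');
		} elseif (!global_CheckPassword($webrequest['password'])) {
			admin_ShowMessage('密码不符合系统要求。', '', 'BACK');
		} else {
			$webrequest['truename'] = isset($webrequest['truename']) ? trim($webrequest['truename']) : '';
			$webrequest['usergroup'] = isset($webrequest['usergroup']) ? intval($webrequest['usergroup']) : 0;
			$webrequest['issystem'] = isset($webrequest['issystem']) ? intval($webrequest['issystem']) : 0;

			// Usernames are unique; bail out before the form check and the INSERT.
			$query = $db->Query("SELECT * FROM {$webconfig['dbpre']}admin_user WHERE username='{$webrequest['username']}'");
			if ($tempinfo = $db->FetchArray($query))
			{
				admin_ShowMessage('用户名已存在于系统中。', '', 'BACK');
			}
			unset($tempinfo);
			admin_CheckFromForm(ADMIN_WEBURLPATH.'/index.php?mode=adminuser');
			// The password column receives admin_EncodePassword($password), not the clear text.
			$db->Query("INSERT INTO {$webconfig['dbpre']}admin_user(username, truename, password, user_group_id, issystem) VALUES('{$webrequest['username']}', '{$webrequest['truename']}', '".admin_EncodePassword($webrequest['password'])."', '{$webrequest['usergroup']}', '{$webrequest['issystem']}')");

			admin_AddLog("添加管理帐号|username: {$webrequest['username']}");
			admin_ShowMessage('管理帐号添加成功。', ADMIN_WEBURLPATH.'/index.php?mode=adminuser');
		}
	}
	else
	{
		// Group options for the add form, keyed by group id.
		$webglobal['file_adminuser']['usergroup'] = array();
		$query = $db->Query("SELECT * FROM {$webconfig['dbpre']}user_group");
		while ($tempData = $db->FetchArray($query)) {
			$webglobal['file_adminuser']['usergroup'][$tempData['id']] = $tempData;
		}

		admin_StartFromForm();
	}
}

//编辑
elseif ($webglobal['mode']=='adminuseredit')
{
	// Without an explicit editid the current administrator edits their own account.
	$webrequest['editid'] = isset($webrequest['editid']) ? intval($webrequest['editid']) : $user['adminuid'];

	$query = $db->Query("SELECT * FROM {$webconfig['dbpre']}admin_user WHERE id='{$webrequest['editid']}'");
	if (!$webglobal['file_adminuser']['editinfo'] = $db->FetchArray($query))
	{
		admin_ShowMessage('不存在该管理帐号。', '', 'BACK');
	}
	// Only the super admin may modify the super-admin account.
	// NOTE(review): this is the only target check on the edit path — the
	// module-level super-admin gate near the top of the file is commented out.
	// Unless the front controller restricts this module by group, any
	// administrator can edit every other non-super account, including the
	// user_group_id of their own account (which presumably decides permissions).
	if ($webglobal['file_adminuser']['editinfo']['username']==$webconfig['superadmin'] && $user['adminusername']!=$webconfig['superadmin'])
	{
		admin_ShowMessage('您无权修改超级管理员帐号。', '', 'BACK');
	}

	if (global_CheckSubmit('ausubmit'))
	{
		// An empty password means "keep the current one"; anything else must pass policy.
		$webrequest['password'] = isset($webrequest['password']) ? $webrequest['password'] : '';
		if ($webrequest['password'] && !global_CheckPassword($webrequest['password']))
		{
			// A leftover var_dump() here used to echo the submitted password
			// (and the check result) into the response; it has been removed.
			admin_ShowMessage('密码不符合系统要求。', '', 'BACK');
		}
		else
		{
			admin_CheckFromForm(ADMIN_WEBURLPATH.'/index.php?mode=adminuser');

			$webrequest['truename'] = isset($webrequest['truename']) ? trim($webrequest['truename']) : '';
			$webrequest['usergroup'] = isset($webrequest['usergroup']) ? intval($webrequest['usergroup']) : 0;
			$webrequest['issystem'] = isset($webrequest['issystem']) ? intval($webrequest['issystem']) : 0;

			// Build the SET list; the password column is only touched when a new one was supplied.
			$tempUpdateSql = array();
			$tempUpdateSql[] = "truename = '" . $webrequest['truename']."'";
			if ($webrequest['password']) {
				$tempUpdateSql[] = "password = '" . admin_EncodePassword($webrequest['password']) ."'";
			}
			$tempUpdateSql[] = "user_group_id = '" . $webrequest['usergroup']."'";
			$tempUpdateSql[] = "issystem = '" . $webrequest['issystem']."'";

			$strUpdateSql = implode(',', $tempUpdateSql);
			if ($strUpdateSql)
			{
				$db->Query("UPDATE {$webconfig['dbpre']}admin_user SET {$strUpdateSql} WHERE id='{$webrequest['editid']}'");
			}
			admin_AddLog("修改管理帐号|uid: {$webrequest['editid']}, username: {$webglobal['file_adminuser']['editinfo']['username']}");
			admin_ShowMessage('管理帐号修改成功。', ADMIN_WEBURLPATH.'/index.php?mode=adminuser');
		}
	}
	else
	{
		// Group options for the edit form, keyed by group id.
		$webglobal['file_adminuser']['usergroup'] = array();
		$query = $db->Query("SELECT * FROM {$webconfig['dbpre']}user_group");
		while ($tempData = $db->FetchArray($query)) {
			$webglobal['file_adminuser']['usergroup'][$tempData['id']] = $tempData;
		}

		admin_StartFromForm();
	}
}

//删除
elseif ($webglobal['mode']=='adminuserdel')
{
	// Deletion is a GET-style action; global_CheckCome() is the only origin check on it.
	if (!global_CheckCome())
	{
		admin_ShowMessage('参数错误。', '', 'BACK');
	}

	$webrequest['delid'] = isset($webrequest['delid']) ? intval($webrequest['delid']) : 0;

	if ($webrequest['delid']<=0)
	{
		admin_ShowMessage('不存在该管理帐号。', '', 'BACK');
	}
	$query = $db->Query("SELECT * FROM {$webconfig['dbpre']}admin_user WHERE id='{$webrequest['delid']}'");
	if (!$tempdelinfo = $db->FetchArray($query))
	{
		admin_ShowMessage('不存在该管理帐号。', '', 'BACK');
	}
	// Neither the account in use nor the super admin can be removed.
	elseif ($tempdelinfo['username']==$user['adminusername'])
	{
		admin_ShowMessage('不能删除当前使用帐号。', '', 'BACK');
	}
	elseif ($tempdelinfo['username']==$webconfig['superadmin'])
	{
		admin_ShowMessage('不能删除超级管理员。', '', 'BACK');
	}
	else
	{
		$db->Query("DELETE FROM {$webconfig['dbpre']}admin_user WHERE id='{$webrequest['delid']}'");
		admin_AddLog("删除管理帐号|uid: {$webrequest['delid']}, username: {$tempdelinfo['username']}");
		admin_ShowMessage('管理帐号删除成功。', ADMIN_WEBURLPATH.'/index.php?mode=adminuser');
	}
}

//列表
elseif ($webglobal['mode']=='adminuser')
{
	$webglobal['file_adminuser']['perpage'] = 15;
	// Clamp the page number before it feeds the LIMIT offset; a missing or
	// non-positive value would otherwise yield a negative offset (unless
	// global_Page() normalises it by reference, which is not visible here).
	$webrequest['page'] = isset($webrequest['page']) ? max(1, intval($webrequest['page'])) : 1;
	$query = $db->Query("SELECT COUNT(*) FROM {$webconfig['dbpre']}admin_user");
	$webglobal['file_adminuser']['usernum'] = $db->Result($query, 0);
	if ($webglobal['file_adminuser']['usernum'] > 0)
	{
		$webglobal['page'] = global_Page($webglobal['file_adminuser']['usernum'], $webglobal['file_adminuser']['perpage'], $webrequest['page'], ADMIN_WEBURLPATH.'/index.php?mode=adminuser&page=@@');
		$tempstartnum = ($webrequest['page']-1)*$webglobal['file_adminuser']['perpage'];
		// One page of accounts joined with their group name, newest first.
		$query = $db->Query("SELECT U.*, G.name AS groupname FROM {$webconfig['dbpre']}admin_user U LEFT JOIN {$webconfig['dbpre']}user_group G ON U.user_group_id = G.id ORDER BY U.id DESC LIMIT $tempstartnum, {$webglobal['file_adminuser']['perpage']}");
		$temptr = 1;
		$webglobal['file_adminuser']['showtable'] = array();
		while ($tempdata = $db->FetchArray($query))
		{
			// Alternate row class for the template's zebra striping.
			$tempdata['tdclass'] = (($temptr++)%2==0) ? ' class="evenrow"' : '';
			$webglobal['file_adminuser']['showtable'][] = $tempdata;
		}
		unset($tempstartnum, $temptr, $tempdata);
	}
}

//管理日志
elseif ($webglobal['mode']=='adminlog')
{
	// Minimum age (days) of log rows that the purge form may delete.
	$webglobal['file_system']['delday'] = 15;
	if (global_CheckSubmit('systemsubmit'))
	{
		$webrequest['deldaynum'] = isset($webrequest['deldaynum']) ? intval($webrequest['deldaynum']) : 0;
		$webrequest['onlylogin'] = isset($webrequest['onlylogin']) ? intval($webrequest['onlylogin']) : 0;
		$tempsearchsql = '';
		if ($webrequest['deldaynum']<$webglobal['file_system']['delday'])
		{
			admin_ShowMessage("系统设定只能删除{$webglobal['file_system']['delday']}天前的记录。", '', 'BACK');
		}
		else
		{
			// Purge rows older than the requested number of days; optionally only login entries.
			// The purge itself is logged so the audit trail records who trimmed it.
			$tempsearchsql = " WHERE time<'".($webserver['timestamp']-$webrequest['deldaynum']*86400)."'";
			if ($webrequest['onlylogin'] > 0)
			{
				$tempsearchsql .= " AND log='登录系统'";
			}
			$db->Query("DELETE FROM {$webconfig['dbpre']}log{$tempsearchsql}");

			admin_AddLog("删除系统日志|day: {$webrequest['deldaynum']}, onlylogin: {$webrequest['onlylogin']}");
			admin_ShowMessage('系统日志删除成功。', ADMIN_WEBURLPATH.'/index.php?mode=adminlog');
		}
	}
	else
	{
		$webglobal['file_system']['perpage'] = 15;
		$webrequest['page'] = isset($webrequest['page']) ? max(1, intval($webrequest['page'])) : 1;
		$webrequest['searchkey'] = isset($webrequest['searchkey']) ? $webrequest['searchkey'] : '';
		// Search across operator, message and ip; the db layer builds the predicate.
		$tempsearchsql = $db->BuildSearchSql($webrequest['searchkey'], array('admin_username', 'log', 'ip'));
		$tempsearchsql = ($tempsearchsql!='') ? " WHERE $tempsearchsql" : "";

		$webglobal['file_system']['lognum'] = $db->GetNum("SELECT COUNT(*) FROM {$webconfig['dbpre']}log{$tempsearchsql}");
		if ($webglobal['file_system']['lognum'] > 0)
		{
			$webglobal['page'] = global_Page($webglobal['file_system']['lognum'], $webglobal['file_system']['perpage'], $webrequest['page'], ADMIN_WEBURLPATH.'/index.php?mode=adminlog&searchkey='.urlencode($webrequest['searchkey']).'&page=@@');
			$tempstartnum = ($webrequest['page']-1)*$webglobal['file_system']['perpage'];
			$query = $db->Query("SELECT * FROM {$webconfig['dbpre']}log{$tempsearchsql} ORDER BY id DESC LIMIT $tempstartnum, {$webglobal['file_system']['perpage']}");
			$temptr = 1;
			$webglobal['file_system']['showtable'] = array();
			while ($tempdata = $db->FetchArray($query))
			{
				$tempdata['tdclass'] = (($temptr++)%2==0) ? ' class="evenrow"' : '';
				$tempdata['log'] = global_Highlight($tempdata['log'], $webrequest['searchkey']);
				$tempdata['time_show'] = global_FormatTime($tempdata['time']);
				$webglobal['file_system']['showtable'][] = $tempdata;
			}
			unset($tempstartnum, $temptr, $tempdata);
		}
		unset($tempsearchsql);
	}
}

//升级数据库
// Runs operator-supplied SQL (schema upgrades). Access is gated by the form
// check plus a secondary "upgrade password" whose admin_EncodePassword()
// digest is $tempdatactrol, hard-coded near the top of this file.
// NOTE(review): a digest in source is readable by anyone with the code and
// cannot be rotated without a deploy; it belongs in configuration. The
// executed statement is written to the admin log, which is the audit trail
// for this console.
elseif ($webglobal['mode']=='adminupsql')
{
	if (global_CheckSubmit('adminsubmit'))
	{
		$webrequest['upsql'] = isset($webrequest['upsql']) ? $webrequest['upsql'] : '';
		$webrequest['uppass'] = isset($webrequest['uppass']) ? $webrequest['uppass'] : '';
		if ($webrequest['upsql']==='' || $webrequest['uppass']==='')
		{
			admin_ShowMessage('升级语句和升级密码不能为空。', '', 'BACK');
		}
		// Strict comparison so the outcome never depends on PHP's loose
		// string/number equality rules.
		elseif (admin_EncodePassword($webrequest['uppass'])!==$tempdatactrol)
		{
			admin_ShowMessage('升级密码有误，请重新输入。', '', 'BACK');
		}
		else
		{
			admin_CheckFromForm(ADMIN_WEBURLPATH.'/index.php?mode=adminupsql');
			admin_RunQuery(stripslashes($webrequest['upsql']));
			admin_AddLog('升级数据库|SQL: '.$webrequest['upsql']);
			admin_ShowMessage('数据库升级成功。请点击其他模块继续操作。');
		}
	}
	else
	{
		$webrequest['upsql'] = isset($webrequest['upsql']) ? stripslashes($webrequest['upsql']) : '';
		admin_StartFromForm();
	}
}

// Render whichever mode populated $webglobal above.
template_Display('adminuser', 1);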

?>